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Status of This Memo 


This memo provides information for the Internet community. It does 
not specify an Internet standard of any kind. Distribution of this 
memo is unlimited. 


Copyright Notice 
Copyright (C) The Internet Society (2006). 
Abstract 


This memo defines a set of extensions that instrument RADIUS 
accounting server functions. These extensions represent a portion of 
the Management Information Base (MIB) for use with network management 
protocols in the Internet community. Using these extensions, 
IP-based management stations can manage RADIUS accounting servers. 


This memo obsoletes RFC 2621 by deprecating the MIB table containing 
IPv4-only address formats and defining a new table to add support for 
version-neutral IP address formats. The remaining MIB objects from 
RFC 2621 are carried forward into this document. This memo also adds 
UNITS and REFERENCE clauses to selected objects. 
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Les 


Introduction 


This memo defines a portion of the Management Information Base (MIB) 
for use with network management protocols in the Internet community. 
The objects defined within this memo relate to the Remote 
Authentication Dial-In User Service (RADIUS) Accounting Server as 
defined in RFC 2866 [RFC2866]. 


Terminology 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
document are to be interpreted as described in RFC 2119 [RFC2119]. 


This document uses terminology from RFC 2865 [RFC2865] and RFC 2866 
[RFC2866]. 


This document uses the word "malformed" with respect to RADIUS 
packets, particularly in the context of counters of "malformed 
packets". While RFC 2866 does not provide an explicit definition of 
"malformed", malformed generally means that the implementation has 
determined the packet does not match the format defined in RFC 2866. 
Those implementations are used in deployments today, and thus set the 
de facto definition of "malformed". 


The Internet-Standard Management Framework 
For a detailed overview of the documents that describe the current 


Internet-Standard Management Framework, please refer to section 7 of 
RFC 3410 [RFC3410]. 


Managed objects are accessed via a virtual information store, termed 
the Management Information Base or MIB. MIB objects are generally 
accessed through the Simple Network Management Protocol (SNMP). 
Objects in the MIB are defined using the mechanisms defined in the 
Structure of Management Information (SMI). This memo specifies a MIB 
module that is compliant to the SMIv2, which is described in STD 58, 
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580 
[RFC2580]. 


Scope of Changes 


This document obsoletes RFC 2621 [RFC2621], RADIUS Accounting Server 
MIB, by deprecating the radiusAccClientTable table and adding a new 
table, radiusAccClientExtTable, containing 
radiusAccClientInetAddressType and radiusAccClientInetAddress. The 
purpose of these added MIB objects is to support version-neutral IP 
addressing formats. The existing table containing 
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radiusAccClientAddress is deprecated. The remaining MIB objects from 
RFC 2621 are carried forward into this document. This memo also adds 
UNITS and REFERENCE clauses to selected objects. 


RFC 4001 [RFC4001], which defines the SMI Textual Conventions for 
version-neutral IP addresses, contains the following recommendation. 


‘In particular, when revising a MIB module that contains IPv4 
specific tables, it is suggested to define new tables using the 
textual conventions defined in this memo [RFC4001] that support all 


versions of IP. The status of the new tables SHOULD be "current", 
whereas the status of the old IP version specific tables SHOULD be 
changed to "deprecated". The other approach, of having multiple 


similar tables for different IP versions, is strongly discouraged.’ 
5. Structure of the MIB Module 


The RADIUS accounting protocol, described in RFC 2866 [RFC2866], 
distinguishes between the client function and the server function. 
In RADIUS accounting, clients send Accounting-Requests, and servers 
reply with Accounting-Responses. Typically, Network Access Server 
(NAS) devices implement the client function, and thus would be 
expected to implement the RADIUS accounting client MIB, while RADIUS 
accounting servers implement the server function, and thus would be 
expected to implement the RADIUS accounting server MIB. 


However, it is possible for a RADIUS accounting entity to perform 
both client and server functions. For example, a RADIUS proxy may 
act as a server to one or more RADIUS accounting clients, while 
simultaneously acting as an accounting client to one or more 
accounting servers. In such situations, it is expected that RADIUS 
entities combining client and server functionality will support both 
the client and server MIBs. The server MIB is defined in this 
document, and the client MIB is defined in [RFC4670]. 


This MIB module contains thirteen scalars as well as a single table, 
the RADIUS Accounting Client Table, which contains one row for each 
RADIUS accounting client with which the server shares a secret. Each 
entry in the RADIUS Accounting Client Table includes twelve columns 
presenting a view of the activity of the RADIUS accounting server. 


This MIB imports from [RFC2578], [RFC2580], [RFC3411], and [RFC4001]. 
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6. Deprecated Objects 


The deprecated table in this MIB is carried forward from RFC 2621 
[RFC2621]. There are two conditions under which it MAY be desirable 
for managed entities to continue to support the deprecated table: 


1. The managed entity only supports IPv4 address formats. 


2. The managed entity supports both IPv4 and IPv6 address formats, 
and the deprecated table is supported for backwards compatibility 
with older management stations. This option SHOULD only be used 
when the IP addresses in the new table are in IPv4 format and can 
accurately be represented in both the new table and the 
deprecated table. 


Managed entities SHOULD NOT instantiate row entries in the deprecated 
table, containing IPv4-only address objects, when the RADIUS 
accounting client address represented in such a table row is not an 
IPv4 address. Managed entities SHOULD NOT return inaccurate values 
of IP address or SNMP object access errors for IPv4-only address 
objects in otherwise populated tables. When row entries exist in 
both the deprecated IPv4-only table and the new IP-version-neutral 
table that describe the same RADIUS accounting client, the row 
indexes SHOULD be the same for the corresponding rows in each table, 
to facilitate correlation of these related rows by management 
applications. 


7. Definitions 
RADIUS-ACC-SERVER-MIB DEFINITIONS ::= BEGIN 
IMPORTS 


MODULE-IDENTITY, OBJECT-TYPE, OBJECT-IDENTITY, 
Counter32, Integer32, 


IpAddress, TimeTicks, mib-2 FROM SNMPv2-SMI 
SnmpAdminString FROM SNMP-FRAMEWORK-MIB 
InetAddressType, InetAddress FROM INET-ADDRESS-MIB 


MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF'; 


radiusAccServMIB MODULE-IDENTITY 
LAST-UPDATED "200608210000Z" -- 21 August 2006 
ORGANIZATION "IETF RADIUS Extensions Working Group." 
CONTACT-INFO 
"Bernard Aboba 

Microsoft 

One Microsoft Way 

Redmond, WA 98052 

US 
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Phone: +1 425 936 6605 
EMail: bernarda@microsoft.com" 
DESCRIPTION 
"The MIB module for entities implementing the server 
side of the Remote Authentication Dial-In User 
Service (RADIUS) accounting protocol. Copyright (C) 
The Internet Society (2006). This version of this 
MIB module is part of RFC 4671; see the RFC itself 
for full legal notices." 
REVISION "2006082100002" -- 21 August 2006 
DESCRIPTION 
"Revised version as published in RFC 4671. This 
version obsoletes that of RFC 2621 by deprecating 
the MIB table containing IPv4-only address formats 
and defining a new table to add support for version- 


neutral IP address formats. The remaining MIB objects 
from RFC 2621 are carried forward into this version." 
REVISION "1999061100002" == 11 Jun 1999 


DESCRIPTION "Initial version as published in RFC 2621." 
::= { radiusAccounting 1 } 


radiusMIB OBJECT-IDENTITY 
STATUS current 
DESCRIPTION 
"The OID assigned to RADIUS MIB work by the IANA." 
::= { mib-2 67 } 


radiusAccounting OBJECT IDENTIFIER ::= {radiusMIB 2} 


radiusAccServMIBObjects OBJECT IDENTIFIER 
::= { radiusAccServMIB 1 } 


radiusAccServ OBJECT IDENTIFIER 
::= { radiusAccServMIBObjects 1 } 


radiusAccServident OBJECT-TYPE 


SYNTAX SnmpAdminString 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The implementation identification string for the 
RADIUS accounting server software in use on the 
system, for example, 'FNS-2.1'." 

:= {radiusAccServ 1} 


radiusAccServUpTime OBJECT-TYPE 


SYNTAX TimeTicks 
MAX-ACCESS read-only 
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STATUS current 

DESCRIPTION 
"If the server has a persistent state (e.g., a 
process), this value will be the time elapsed (in 
hundredths of a second) since the server process was 
started. For software without persistent state, this 
value will be zero." 

:= {radiusAccServ 2} 


radiusAccServResetTime OBJECT-TYPE 


SYNTAX TimeTicks 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"If the server has a persistent state (e.g., a process) 
and supports a ’reset’ operation (e.g., can be told to 
re-read configuration files), this value will be the 
time elapsed (in hundredths of a second) since the 
server was 'reset.” For software that does not 
have persistence or does not support a ’reset’ 
operation, this value will be zero." 

:= {radiusAccServ 3} 


radiusAccServConfigReset OBJECT-TYPE 


SYNTAX INTEGER { other(1), 
reset (2), 
initializing(3), 
running (4) } 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 
"Status/action object to reinitialize any persistent 
server state. When set to reset(2), any persistent 
server state (such as a process) is reinitialized as 
if the server had just been started. This value will 
never be returned by a read operation. When read, 
one of the following values will be returned: 


other (1) - server in some unknown state; 
initializing(3) - server (re)initializing; 
running(4) - server currently running." 


::= {radiusAccServ 4} 


radiusAccServTotalRequests OBJECT-TYPE 


Nelson 


SYNTAX Counter32 
UNITS "packets" 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 
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"The number of packets received on the 
accounting port." 

REFERENCE "RFC 2866 section 4.1" 

::= { radiusAccServ 5 } 


radiusAccServTotalInvalidRequests OBJECT-TYPE 

SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"The number of RADIUS Accounting-Request packets 
received from unknown addresses." 

REFERENCE "RFC 2866 sections 2, 4.1" 

:= { radiusAccServ 6 } 


radiusAccServTotalDupRequests OBJECT-TYPE 

SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"The number of duplicate RADIUS Accounting-Request 
packets received." 

REFERENCE "RFC 2866 section 4.1" 

::= { radiusAccServ 7 } 


radiusAccServTotalResponses OBJECT-TYPE 

SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"The number of RADIUS Accounting-Response packets 
sent." 

REFERENCE "RFC 2866 section 4.2" 

:= { radiusAccServ 8 } 


radiusAccServTotalMalformedRequests OBJECT-TYPE 

SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"The number of malformed RADIUS Accounting-Request 
packets received. Bad authenticators or unknown 
types are not included as malformed Access-Requests." 

REFERENCE "RFC 2866 section 3" 
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::= { radiusAccServ 9 } 


radiusAccServTotalBadAuthenticators OBJECT-TYPE 


SYNTAX Counter32 
UNITS "packets" 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


August 2006 


"The number of RADIUS Accounting-Request packets 


that contained an invalid authenticator. 


REFERENCE "RFC 2866 section 3" 
::= { radiusAccServ 10 } 


radiusAccServTotalPacketsDropped OBJECT-TYPE 


SYNTAX Counter32 
UNITS "packets" 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of incoming packets silently discarded 
for a reason other than malformed, bad authenticators, 


or unknown types." 
REFERENCE "RFC 2866 section 3" 
::= { radiusAccServ 11 } 


radiusAccServTotalNoRecords OBJECT-TYPE 
SYNTAX Counter32 
UNITS "packets" 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of RADIUS Accounting-Request packets 
that were received and responded to but not 


recorded." 
::= { radiusAccServ 12 } 


radiusAccServTotalUnknownTypes OBJECT-TYPE 


SYNTAX Counter32 
UNITS "packets" 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The number of RADIUS packets of unknown type that 


were received." 
REFERENCE "RFC 2866 section 4" 
::= { radiusAccServ 13 } 


radiusAccClientTable OBJECT-TYPE 
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SYNTAX SEQUENCE OF RadiusAccClientEntry 
MAX-ACCESS not-accessible 
STATUS deprecated 
DESCRIPTION 
"The (conceptual) table listing the RADIUS accounting 
clients with which the server shares a secret." 
:= { radiusAccServ 14 } 


radiusAccClientEntry OBJECT-TYPE 

SYNTAX RadiusAccClientEntry 

MAX-ACCESS not-accessible 

STATUS deprecated 

DESCRIPTION 
"An entry (conceptual row) representing a RADIUS 
accounting client with which the server shares a 
secret." 

INDEX { radiusAccClientIndex } 

::= { radiusAccClientTable 1 } 


RadiusAccClientEntry ::= SEQUENCE { 
radiusAccClient Index Integer32, 
radiusAccClientAddress IpAddress, 
radiusAccClientID SnmpAdminString, 
radiusAccServPacketsDropped Counter32, 
radiusAccServRequests Counter32, 
radiusAccServDupRequests Counter32, 
radiusAccServResponses Counter32, 
radiusAccServBadAuthenticators Counter32, 
radiusAccServMalformedRequests Counter32, 
radiusAccServNoRecords Counter32, 
radiusAccServUnknownTypes Counter32 


} 


radiusAccClientIndex OBJECT-TYPE 

SYNTAX Integer32 (1..2147483647) 

MAX-ACCESS not-accessible 

STATUS deprecated 

DESCRIPTION 
"A number uniquely identifying each RADIUS accounting 
client with which this server communicates." 

::= { radiusAccClientEntry 1 } 


radiusAccClientAddress OBJECT-TYPE 
SYNTAX IpAddress 
MAX-ACCESS read-only 
STATUS deprecated 
DESCRIPTION 
"The NAS-IP-Address of the RADIUS accounting client 
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referred to in this table entry." 
::= { radiusAccClientEntry 2 } 


radiusAccClientID OBJECT-TYPE 

SYNTAX SnmpAdminString 

MAX-ACCESS read-only 

STATUS deprecated 

DESCRIPTION 
"The NAS-Identifier of the RADIUS accounting client 
referred to in this table entry. This is not 
necessarily the same as sysName in MIB II." 

REFERENCE "RFC 2865 section 5.32" 

::= { radiusAccClientEntry 3 ) 


-- Server Counters 


—- Requests - DupRequests - BadAuthenticators - MalformedRequests - 
-- UnknownTypes - PacketsDropped - Responses = Pending 


-- Requests - DupRequests - BadAuthenticators - MalformedRequests - 
-- UnknownTypes - PacketsDropped - NoRecords = entries logged 


radiusAccServPacketsDropped OBJECT-TYPE 
SYNTAX Counter32 
UNITS "packets" 
MAX-ACCESS read-only 
STATUS deprecated 
DESCRIPTION 
"The number of incoming packets received 
from this client and silently discarded 
for a reason other than malformed, bad 
authenticators, or unknown types." 
REFERENCE "RFC 2866 section 3" 
::= { radiusAccClientEntry 4 } 


radiusAccServRequests OBJECT-TYPE 

SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS deprecated 

DESCRIPTION 
"The number of packets received from this 
client on the accounting port." 

REFERENCE "RFC 2866 section 4.1" 

:= { radiusAccClientEntry 5 } 


radiusAccServDupRequests OBJECT-TYPE 
SYNTAX Counter32 
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UNITS "packets" 

MAX-ACCESS read-only 

STATUS deprecated 

DESCRIPTION 
"The number of duplicate RADIUS Accounting-Request 
packets received from this client." 

REFERENCE "RFC 2866 section 4.1" 

:= { radiusAccClientEntry 6 } 


radiusAccServResponses OBJECT-TYPE 

SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS deprecated 

DESCRIPTION 
"The number of RADIUS Accounting-Response packets 
sent to this client." 

REFERENCE "RFC 2866 section 4.2" 

::= { radiusAccClientEntry 7 } 


radiusAccServBadAuthenticators OBJECT-TYPE 

SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS deprecated 

DESCRIPTION 
"The number of RADIUS Accounting-Request packets 
that contained invalid authenticators received 
from this client." 

REFERENCE "RFC 2866 section 3" 

::= { radiusAccClientEntry 8 } 


radiusAccServMalformedRequests OBJECT-TYPE 

SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS deprecated 

DESCRIPTION 
"The number of malformed RADIUS Accounting-Request 
packets that were received from this client. 
Bad authenticators and unknown types 
are not included as malformed Accounting-Requests." 

REFERENCE "RFC 2866 section 3" 

:= { radiusAccClientEntry 9 } 


radiusAccServNoRecords OBJECT-TYPE 


SYNTAX Counter32 
UNITS "packets" 


Nelson Informational [Page 12] 


RFC 4671 RADIUS Acct Server MIB (IPv6) August 2006 


MAX-ACCESS read-only 
STATUS deprecated 
DESCRIPTION 
"The number of RADIUS Accounting-Request packets 
that were received and responded to but not 
recorded." 
:= { radiusAccClientEntry 10 } 


radiusAccServUnknownTypes OBJECT-TYPE 

SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS deprecated 

DESCRIPTION 
"The number of RADIUS packets of unknown type that 
were received from this client." 

REFERENCE "RFC 2866 section 4" 

::= { radiusAccClientEntry 11 } 


-- New MIB objects added in this revision 


radiusAccClientExtTable OBJECT-TYPE 

SYNTAX SEQUENCE OF RadiusAccClientExtEntry 

MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 
"The (conceptual) table listing the RADIUS accounting 
clients with which the server shares a secret." 

:= { radiusAccServ 15 } 


radiusAccClientExtEntry OBJECT-TYPE 

SYNTAX RadiusAccClientExtEntry 

MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 
"An entry (conceptual row) representing a RADIUS 
accounting client with which the server shares a 
secret." 

INDEX { radiusAccClientExtIndex } 

::= { radiusAccClientExtTable 1 } 


RadiusAccClientExtEntry ::= SEQUENCE { 
radiusAccClientExt Index Integer32, 
radiusAccClientInetAddressType InetAddressType, 
radiusAccClientInetAddress InetAddress, 
radiusAccClientExtID SnmpAdminString, 
radiusAccServExtPacketsDropped Counter32, 
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radiusAccServExtRequests 
radiusAccServExtDupRequests 
radiusAccServExtResponses 
radiusAccServExtBadAuthenticators 
radiusAccServExtMalformedRequests 
radiusAccServExtNoRecords 
radiusAccServExtUnknownTypes 
radiusAccServerCounterDiscontinuity 


} 


radiusAccClientExtIndex OBJECT-TYPE 


SYNTAX Integer32 (1..2147483647) 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


Counter32, 
Counter32, 
Counter32, 
Counter32, 
Counter32, 
Counter32, 
Counter32, 
TimeTicks 


August 2006 


"A number uniquely identifying each RADIUS accounting 


client with which this server communicates." 


::= { radiusAccClientExtEntry 1 } 


radiusAccClientInetAddressType OBJECT-TYPE 


SYNTAX InetAddressType 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The type of address format used for the 


radiusAccClientInetAddress object." 


::= { radiusAccClientExtEntry 2 ) 


radiusAccClientInetAddress OBJECT-TYPE 
SYNTAX InetAddress 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"The IP address of the RADIUS accounting 
client referred to in this table entry, 


the IPv6 address format." 
:= { radiusAccClientExtEntry 3 } 


radiusAccClientExtID OBJECT-TYPE 
SYNTAX SnmpAdminString 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


using 


Nelson 


"The NAS-Identifier of the RADIUS accounting client 
referred to in this table entry. This is not 
necessarily the same as sysName in MIB II." 


REFERENCE "RFC 2865 section 5.32" 
::= { radiusAccClientExtEntry 4 } 
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-- Server Counters 


-- Requests - DupRequests - BadAuthenticators - MalformedRequests - 
-- UnknownTypes - PacketsDropped - Responses = Pending 


-- Requests - DupRequests - BadAuthenticators - MalformedRequests - 
-- UnknownTypes - PacketsDropped - NoRecords = entries logged 


radiusAccServExtPacketsDropped OBJECT-TYPE 
SYNTAX Counter32 
UNITS "packets" 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 
"The number of incoming packets received from this 
client and silently discarded for a reason other 
than malformed, bad authenticators, or unknown types. 
This counter may experience a discontinuity when the 
RADIUS Accounting Server module within the managed 
entity is reinitialized, as indicated by the current 
value of radiusAccServerCounterDiscontinuity." 
REFERENCE "RFC 2866 section 3" 
::= { radiusAccClientExtEntry 5 } 


radiusAccServExtRequests OBJECT-TYPE 
SYNTAX Counter32 
UNITS "packets" 
MAX-ACCESS read-only 
STATUS current 


DESCRIPTION 
"The number of packets received from this 
client on the accounting port. This counter 


may experience a discontinuity when the 
RADIUS Accounting Server module within the 
managed entity is reinitialized, as indicated by 
the current value of 
radiusAccServerCounterDiscontinuity." 

REFERENCE "RFC 2866 section 4.1" 

::= { radiusAccClientExtEntry 6 } 


radiusAccServExtDupRequests OBJECT-TYPE 
SYNTAX Counter32 
UNITS "packets" 
MAX-ACCESS read-only 
STATUS current 


DESCRIPTION 
"The number of duplicate RADIUS Accounting-Request 
packets received from this client. This counter 
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may experience a discontinuity when the RADIUS 
Accounting Server module within the managed 
entity is reinitialized, as indicated by the 
current value of 
radiusAccServerCounterDiscontinuity." 
REFERENCE "RFC 2866 section 4.1" 
:= { radiusAccClientExtEntry 7 } 


radiusAccServExtResponses OBJECT-TYPE 
SYNTAX Counter32 
UNITS "packets" 
MAX-ACCESS read-only 
STATUS current 


DESCRIPTION 
"The number of RADIUS Accounting-Response packets 
sent to this client. This counter may experience 


a discontinuity when the RADIUS Accounting Server 
module within the managed entity is reinitialized, 
as indicated by the current value of 
radiusAccServerCounterDiscontinuity." 
REFERENCE "RFC 2866 section 4.2" 
:= { radiusAccClientExtEntry 8 } 


radiusAccServExtBadAuthenticators OBJECT-TYPE 

SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"The number of RADIUS Accounting-Request packets 
that contained invalid authenticators received 
from this client. This counter may experience a 
discontinuity when the RADIUS Accounting Server 
module within the managed entity is reinitialized, 
as indicated by the current value of 
radiusAccServerCounterDiscontinuity." 

REFERENCE "RFC 2866 section 3" 

::= { radiusAccClientExtEntry 9 } 


radiusAccServExtMalformedRequests OBJECT-TYPE 

SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"The number of malformed RADIUS Accounting-Request 
packets that were received from this client. 
Bad authenticators and unknown types are not 
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included as malformed Accounting-Requests. This 
counter may experience a discontinuity when the 
RADIUS Accounting Server module within the managed 


entity is reinitialized, as indicated by the current 


value of radiusAccServerCounterDiscontinuity." 
REFERENCE "RFC 2866 section 3" 
:= [ radiusAccClientExtEntry 10 } 


radiusAccServExtNoRecords OBJECT-TYPE 


SYNTAX Counter32 

UNITS "packets" 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"The number of RADIUS Accounting-Request packets 
that were received and responded to but not 
recorded. This counter may experience a 
discontinuity when the RADIUS Accounting Server 
module within the managed entity is reinitialized, 
as indicated by the current value of 
radiusAccServerCounterDiscontinuity." 

:= { radiusAccClientExtEntry 11 } 


radiusAccServExtUnknownTypes OBJECT-TYPE 


SYNTAX Counter32 
UNITS "packets" 
MAX-ACCESS read-only 
STATUS current 


DESCRIPTION 
"The number of RADIUS packets of unknown type that 
were received from this client. This counter may 


experience a discontinuity when the RADIUS Accounting 


Server module within the managed entity is 
reinitialized, as indicated by the current value of 
radiusAccServerCounterDiscontinuity." 
REFERENCE "RFC 2866 section 4" 
:= { radiusAccClientExtEntry 12 } 


radiusAccServerCounterDiscontinuity OBJECT-TYPE 


Nelson 


SYNTAX TimeTicks 

UNITS "centiseconds" 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"The number of centiseconds since the last 
discontinuity in the RADIUS Accounting Server 
counters. A discontinuity may be the result of 


a reinitialization of the RADIUS Accounting Server 
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module within the managed entity." 
::= { radiusAccClientExtEntry 13 } 
-=- conformance information 


radiusAccServMIBConformance OBJECT IDENTIFIER 
:= { radiusAccServMIB 2 } 


radiusAccServMIBCompliances OBJECT IDENTIFIER 
::= { radiusAccServMIBConformance 1 } 


radiusAccServMIBGroups OBJECT IDENTIFIER 
::= { radiusAccServMIBConformance 2 } 


-- compliance statements 


radiusAccServMIBCompliance MODULE-COMPLIANCE 

STATUS deprecated 

DESCRIPTION 
"The compliance statement for accounting servers 
implementing the RADIUS Accounting Server MIB. 
Implementation of this module is for IPv4-only 
entities, or for backwards compatibility use with 
entities that support both IPv4 and IPv6." 

MODULE -- this module 

MANDATORY-GROUPS { radiusAccServMIBGroup } 


OBJECT radiusAccServConfigReset 
WRITE-SYNTAX INTEGER { reset(2) } 
DESCRIPTION "The only SETable value is 'reset” (2)." 


::= { radiusAccServMIBCompliances 1 } 


radiusAccServExtMIBCompliance MODULE-COMPLIANCE 

STATUS current 

DESCRIPTION 
"The compliance statement for accounting 
servers implementing the RADIUS Accounting 
Server IPv6 Extensions MIB. Implementation of 
this module is for entities that support IPv6, 
or support IPv4 and IPv6." 

MODULE -- this module 

MANDATORY-GROUPS { radiusAccServExtMIBGroup } 


OBJECT radiusAccServConfigReset 
WRITE-SYNTAX INTEGER { reset(2) } 
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DESCRIPTION "The only SETable value is ’reset’ (2)." 


OBJECT radiusAccClientInetAddressType 
SYNTAX InetAddressType { ipv4(1), ipv6(2) } 
DESCRIPTION 
"An implementation is only required to support 
IPv4 and globally unique IPv6 addresses." 


OBJECT radiusAccClientInetAddress 

SYNTAX InetAddress ( SIZE (4|16) ) 

DESCRIPTION 
"An implementation is only required to support 
IPv4 and globally unique IPv6 addresses." 


:= { radiusAccServMIBCompliances 2 } 


-- units of conformance 


radiusAccServMIBGroup OBJECT-GROUP 

OBJECTS {radiusAccServlIdent, 
radiusAccServUpTime, 
radiusAccServResetTime, 
radiusAccServConfigReset, 
radiusAccServTotalRequests, 
radiusAccServTotalInvalidRequests, 
radiusAccServTotalDupRequests, 
radiusAccServTotalResponses, 
radiusAccServTotalMalformedRequests, 
radiusAccServTotalBadAuthenticators, 
radiusAccServTotalPacketsDropped, 
radiusAccServTotalNoRecords, 
radiusAccServTotalUnknownTypes, 
radiusAccClientAddress, 
radiusAccClientID, 
radiusAccServPacketsDropped, 
radiusAccServRequests, 
radiusAccServDupRequests, 
radiusAccServResponses, 
radiusAccServBadAuthenticators, 
radiusAccServMalformedRequests, 
radiusAccServNoRecords, 
radiusAccServUnknownTypes 
} 

STATUS deprecated 

DESCRIPTION 

"The collection of objects providing management of 
a RADIUS Accounting Server." 


Nelson Informational [Page 19] 


RFC 4671 RADIUS Acct Server MIB (IPv6) August 2006 


::= { radiusAccServMIBGroups 1 } 


radiusAccServExtMIBGroup OBJECT-GROUP 
OBJECTS (radiusAccServldent, 
radiusAccServUpTime, 
radiusAccServResetTime, 
radiusAccServConfigReset, 
radiusAccServTotalRequests, 
radiusAccServTotalInvalidRequests, 
radiusAccServTotalDupRequests, 
radiusAccServTotalResponses, 
radiusAccServTotalMalformedRequests, 
radiusAccServTotalBadAuthenticators, 
radiusAccServTotalPacketsDropped, 
radiusAccServTotalNoRecords, 
radiusAccServTotalUnknownTypes, 
radiusAccClientInetAddressType, 
radiusAccClientInetAddress, 
radiusAccClientExtID, 
radiusAccServExtPacketsDropped, 
radiusAccServExtRequests, 
radiusAccServExtDupRequests, 
radiusAccServExtResponses, 
radiusAccServExtBadAuthenticators, 
radiusAccServExtMalformedRequests, 
radiusAccServExtNoRecords, 
radiusAccServExtUnknownTypes, 
radiusAccServerCounterDiscontinuity 
} 
STATUS current 
DESCRIPTION 
"The collection of objects providing management of 
a RADIUS Accounting Server." 
::= { radiusAccServMIBGroups 2 } 


END 
8. Security Considerations 


There are management objects (radiusAccServConfigReset) defined in 
this MIB that have a MAX-ACCESS clause of read-write and/or read- 
create. Such objects may be considered sensitive or vulnerable in 
some network environments. The support for SET operations in a non- 
secure environment without proper protection can have a negative 
effect on network operations. These are: 
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radiusAccServConfigReset 
This object can be used to reinitialize the persistent state of 
any server. When set to reset(2), any persistent server state 
(such as a process) is reinitialized as if the server had just 
been started. Depending on the server implementation details, 
this action may or may not interrupt the processing of pending 
request in the server. Abuse of this object may lead to a Denial 
of Service attack on the server. 


There are a number of managed objects in this MIB that may contain 
sensitive information. These are: 


radiusAccClientIPAddress 
This can be used to determine the address of the RADIUS accounting 
client with which the server is communicating. This information 
could be useful in mounting an attack on the accounting client. 


radiusAccClientInetAddress 
This can be used to determine the address of the RADIUS accounting 
client with which the server is communicating. This information 
could be useful in mounting an attack on the accounting client. 


It is thus important to control even GET access to these objects and 

possibly to even encrypt the values of these object when sending them 
over the network via SNMP. Not all versions of SNMP provide features 
for such a secure environment. 


SNMP versions prior to SNMPv3 do not provide a secure environment. 
Even if the network itself is secure (for example by using IPsec), 
there is no control as to who on the secure network is allowed to 
access and GET/SET (read/change/create/delete) the objects in this 
MIB. 


It is RECOMMENDED that implementers consider the security features as 
provided by the SNMPv3 framework (see [RFC3410], section 8), 
including full support for the SNMPv3 cryptographic mechanisms (for 
authentication and privacy). 


Further, deployment of SNMP versions prior to SNMPv3 is NOT 
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 
enable cryptographic security. It is then a customer/operator 
responsibility to ensure that the SNMP entity giving access to an 
instance of this MIB module is properly configured to give access to 
the objects only to those principals (users) that have legitimate 
rights to indeed GET or SET (change/create/delete) them. 
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